Support Center > Search Results > SecureKnowledge Details
Support Center
The information you are about to copy is INTERNAL! DO NOT share it with anyone outside Check Point.
 Print    Email
'sshd-x[PID]: reverse mapping checking getaddrinfo for HOST.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!' errors in /var/log/messages file

Solution ID: sk40676
Product: Security Gateway, Security Management
Version: All
OS: Gaia, Crossbeam COS, Crossbeam XOS, IPSO 6.2, Linux, SecurePlatform, SecurePlatform 2.6
Platform / Model: All
Date Created: 14-Apr-2009
Last Modified: 04-Aug-2013
Rate this document
  • /var/log/messages file shows the following error:

    sshd-x[PID]: reverse mapping checking getaddrinfo for HOSTNAME.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!

    Nov 19 00:15:25 FireWall_001 [LOG_INFO] sshd-x[25130]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAKIN ATTEMPT!

The Forward DNS record and Reverse DNS (PTR) record are not consistent with each other.

The system is trying to do a Reverse DNS lookup to match the connecting IP address with the hostname that is trying to connect and fails to do so.


In the above example:

  • The host is connecting to FireWall_001 over SSH.
  • Lookup for the hostname associated to that IP address resolves to
  • Resolving the IP address associated with fails because either the IP address is not, or cannot be resolved.


Possible troubleshooting steps (the order of the steps does not matter):

  • Verify that DNS server are configured correctly in the /etc/resolv.conf file.

  • Add the manual entry for relevant connecting machines into /etc/hosts file.

  • Disable lookup of the hostnames for connecting machines by setting "UseDNS no" directive in the /etc/ssh/sshd_config file.

  • Do not use simple passwords for SSH. The best idea to to disable passwords altogether and use SSH keys only.

  • Disable root login by setting "PermitRootLogin no" directive in the /etc/ssh/sshd_config file.

  • Change the port SSHD daemon is running on by setting the desired port in "Port" directive or in "ListenAddress IPv4_Address:Port" directive in the /etc/ssh/sshd_config file.

  • Change the shell for nobody user to /bin/false or /bin/nologin.


Imported from Nokia support database
Give us Feedback
Rate this document
Additional comments...(Max 2000 characters allowed)
Characters left: 2000